MyXalytics
by HCL Software
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52655 | Low | 0.20 | 3.1 | 0.00 | Oct 10, 2025 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure. | ||
| CVE-2025-59870 | 0.00 | — | 0.00 | Jan 16, 2026 | HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk | |||
| CVE-2025-52656 | 0.00 | — | 0.00 | Oct 3, 2025 | HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields. | |||
| CVE-2025-52654 | 0.00 | — | 0.00 | Oct 3, 2025 | HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation. | |||
| CVE-2025-52653 | 0.00 | — | 0.00 | Oct 3, 2025 | HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. |
- risk 0.20cvss 3.1epss 0.00
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.
- CVE-2025-59870Jan 16, 2026risk 0.00cvss —epss 0.00
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk
- CVE-2025-52656Oct 3, 2025risk 0.00cvss —epss 0.00
HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.
- CVE-2025-52654Oct 3, 2025risk 0.00cvss —epss 0.00
HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.
- CVE-2025-52653Oct 3, 2025risk 0.00cvss —epss 0.00
HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.